I have the following client-side JavaScript code that works just fine when using the Python Flask dev server, irrespective of what type of content $('#b_comment_selected').text() has. Here is the JS code:

    function some_editing() {
        $.getJSON($SCRIPT_ROOT + "/_edit_me",
            {
                content: $('#b_comment_selected').text(),
                label: $('#b_label_selected').text()
            },
            function () {
                // do something
            }
        );
    }

It also works when I run it on IIS and $('#b_comment_selected').text() does not contain any HTML tags. But the code does not work when there are HTML tags in $('#b_comment_selected').text(). The error I get in Chrome's console is a 403: "Failed to load resource: the server responded with a status of 403 (HTTP/1.1 403 Forbidden)".
My questions are: why does it work in the flask dev environment? Why does it not work on IIS? And how to fix it?
If I had to guess, it has to do with characters like < or >, but I can't find a definitive answer to my set of questions.
So the solution was to replace the getJSON method with the ajax method, and this answered my third question, "how to fix it?". And I think the first comment on the accepted answer to "jQuery - .getjson VS .ajax json" answers my first and second questions, in the context of the security in place on IIS, but then again I am not a hundred percent sure.
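
An added example, not part of the original post: it contrasts where the two calls place the `content` field. It assumes the `$.ajax` replacement sends a POST with a JSON body (the post does not show its final code) and that whatever returned the 403 inspects the URL; `asGetJson`, `asAjaxPost` and `urlCarriesMarkup` are hypothetical helper names.

```javascript
// Added example. $.getJSON, $.ajax, /_edit_me, content and label come from the post;
// every other name here is an assumption made for illustration.
const SCRIPT_ROOT = ""; // stands in for the page's $SCRIPT_ROOT

// What $.getJSON(url, data) puts on the wire: a GET whose data is
// form-encoded into the query string, so markup travels in the URL.
function asGetJson(content, label) {
  const qs = new URLSearchParams({ content, label }).toString();
  return { type: "GET", url: SCRIPT_ROOT + "/_edit_me?" + qs, data: null };
}

// $.ajax settings that move the same fields into a JSON request body.
function asAjaxPost(content, label) {
  return {
    type: "POST",
    url: SCRIPT_ROOT + "/_edit_me",
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    data: JSON.stringify({ content, label })
  };
}

// True if < or >, raw or percent-encoded, appears in the request URL.
function urlCarriesMarkup(req) {
  return /[<>]|%3c|%3e/i.test(req.url);
}

// Browser usage; only callable where jQuery and the page's elements exist.
function some_editing() {
  const settings = asAjaxPost($('#b_comment_selected').text(),
                              $('#b_label_selected').text());
  settings.success = function (reply) { /* do something */ };
  return $.ajax(settings);
}

// Constructed sample input, not taken from the post.
const sample = "<b>fix</b> this";
console.log(asGetJson(sample, "todo").url);
console.log(urlCarriesMarkup(asAjaxPost(sample, "todo")));
```

With this shape the Flask view has to accept POST and read the fields from `request.get_json()` rather than `request.args`, and the content still needs output encoding wherever it is rendered.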